What is the best note-taking application for pentesters? It’s a hot debate, and if you prefer watching to reading, we recently compared many of the popular options in this video (https://www.youtube.com/watch?v=KpX7v5Ym3wg). Otherwise, let’s take a look at what each app has to offer to help you decide what’s right for you.
Our examination consists of eight commonly-used note-keeping tools, some of which are web applications. While these web-based options enhance portability, remember that there may be security implications. Essentially you’re trusting a third party with all of the confidential and private information that you decide to add to your notebook. Always make sure to set the access control settings appropriately, and lean towards reputable products.
Cherrytree
Starting with Cherrytree, this software comes pre-packaged with Kali and encourages a logical hierarchy for organization, coupled with a decent range of formatting tools. However, its lack of syncing capability is a significant drawback. Furthermore, potential corruption issues may deter some users. We put Cherrytree into C-tier.
Cherrytree | |
Pros | Cons |
Pre-installed with Kali | No portability |
Structure of notes | Notes can easily get messy |
Range of formatting tools | File corruption |
Export to PDF | |
GitBook
Next up is GitBook. The tool gives us just enough formatting flexibility while preventing distractions. However, its confusing account/ownership model can be off-putting. Despite being somewhat costly for individuals, GitBook offers an effective page structure, and of course our notes can be accessed from anywhere. For its robust features and few drawbacks, GitBook is rated as B-tier.
GitBook | |
Pros | Cons |
Portability | Cost |
Structure of notes | Account/Organisation setup complexity |
Just the right amount of formatting | |
Joplin
Joplin has gained a lot of momentum over the years, and for good reason. It offers a clean user interface and a split edit-and-preview view for better visibility. With rich text support, syncing via Joplin Cloud, and no significant downsides, it easily earns an S-tier ranking.
Joplin | |
Pros | Cons |
Web and local options | …none really… |
Great range of features | |
Split view | |
Export to PDF | |
E2E encryption | |
APIs | |
Obsidian
As a dedicated Obsidian user, I like the simple layout, use of markdown, and ability to sync to a private GitHub repository. Obsidian has plenty of available plugins, a free-to-use API and the ability to easily publish content to the web. A solid A-tier contender.
Obsidian | |
Pros | Cons |
Portability | Plugins need manual configuration |
Plugins & API | Closed source |
Just the right amount of formatting | |
Notion
Notion has rich functionality and also the recent addition of Notion AI. It supports markdown and offers an array of integrations. You can make use of templates and easily export to PDF. Considering all the aspects, it gets an A-tier ranking.
Notion | |
Pros | Cons |
Portability | Grids are a pain to work with |
Features | Search isn’t great |
Formatting | Have to learn the tool |
Easy to collaborate | |
Google Docs
Google Docs is a flexible tool with markdown support, easy document sharing, and PDF export options. A unique advantage is the inclusion of spreadsheet functionality. Despite a few minor hiccups, such as awkward pagination and the need for a plugin for code display, it ranks in the B-tier.
Google Docs | |
Pros | Cons |
Portability | Formatting source code |
Features | UI is awkward |
Spreadsheets | |
Easy to collaborate | |
OneNote
OneNote has an interesting layout and the easy separation of notebooks is definitely a pleasure to work with. However, its code block support is sub-par, and unorganized notes can easily become chaotic. For its relative strengths and weaknesses, it is placed in the C-tier.
OneNote | |
Pros | Cons |
Portability | Placing text anywhere on a page is not nice |
Easy to collaborate | UI is awkward |
Notebooks and separation | |